Unauthorized Access to American Nuclear Plant: Microsoft Charges Chinese Hackers
In a concerning turn of events, a high-severity and high-urgency cyberattack has been unfolding, affecting over 100 servers worldwide. The attack, which has been underway since at least July 7, 2025, is suspected to be of Chinese origin, according to cybersecurity experts.
The hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603, believed to have links with the Chinese government, have been identified as the perpetrators. These groups have been exploiting a newly discovered vulnerability in Microsoft SharePoint software, a platform deeply integrated with Office, Teams, OneDrive, and Outlook.
The U.S. Department of Education, various national governments in Europe and the Middle East, several universities, energy companies, and an Asian telecommunications firm are among the organizations affected by this cyberattack. It's important to note that cloud-based Microsoft 365 environments have not been targeted in this incident.
Adam Meyers, Vice President of Intelligence at Crowdstrike, has stated that the attacks resemble state-sponsored activities. However, China's government has denied the allegations.
Microsoft has warned about these vulnerabilities in a blog post, urging affected organizations to apply the security patches as soon as possible. Michael Sikorski, the chief technology officer and head of threat intelligence at Palo Alto Networks, has emphasised the urgency of the situation.
The hackers have found new ways to gain access to systems through backdoors, even after Microsoft published security patches. SharePoint's deep integration into Microsoft's platform poses a significant risk to organisations, as attackers can exploit vulnerabilities in it to infiltrate multiple aspects of an organisation's digital infrastructure.
Despite the Chinese government's denial, the exploitation of SharePoint vulnerabilities bears a striking resemblance to state-sponsored activities. It's a reminder of the ongoing need for vigilance and proactive measures in the face of cyber threats.